[Cryptech Tech] Key wrap in HW

Joachim Strömbergson joachim.strombergson at assured.se
Mon Jun 25 14:40:38 UTC 2018


On 25 Jun 2018, at 14:26, Peter Gutmann wrote:
> Is that specific to the NIST wrap mechanism or an issue with the HW in
> general?  For PKCS #15 it's just AES-CBC with an HMAC around it, so presumably
> a single operation, or at least one for AES over a block of memory and a
> second for the HMAC over the same block.

It is mainly specific to the keywrap mechanism in RFC 3394. See 2.2.1:


Basically it divides a given message M into n 64-bit blocks. Each block 
is encrypted 6 times with AES (the 64-bit block is combined with an 
evolved 64-bit state A). With the architecture we have this means that 
each 64-bit block moves back and forth between the MCU and the FPGA 12 
times. Just moving all of M to the FPGA and instead processing it there 
before moving the resulting C back should make quite a difference.
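
The data flow described in the message above, as an added example that is not part of the original post or of the Cryptech code: the RFC 3394 section 2.2.1 wrapping loop, instrumented to count how often each 64-bit block crosses the MCU/FPGA boundary when only the AES core sits in the FPGA. The block function is a SHA-256-based stand-in rather than AES (an assumption that keeps the example standard-library only), so the output is not a real wrapped key; the call and transfer counts do not depend on the cipher.

```python
import hashlib

# Default initial value from RFC 3394 section 2.2.3.1.
IV = bytes.fromhex("A6A6A6A6A6A6A6A6")


def standin_block(kek, block16):
    """Stand-in for one AES encryption of a 128-bit block. NOT AES."""
    return hashlib.sha256(kek + block16).digest()[:16]


def wrap(kek, plaintext, encrypt_block=standin_block):
    """RFC 3394 section 2.2.1 wrap, index-based form.

    Returns (ciphertext, aes_calls, crossings), where crossings[i] is the
    number of times block R[i] crosses the MCU/FPGA boundary when the MCU
    runs the loop and the FPGA only performs the block encryption.
    """
    if len(plaintext) % 8 or len(plaintext) < 16:
        raise ValueError("key data must be n >= 2 blocks of 64 bits")
    n = len(plaintext) // 8
    a = IV
    r = [plaintext[8 * i:8 * i + 8] for i in range(n)]
    aes_calls = 0
    crossings = [0] * n
    for j in range(6):
        for i in range(n):
            b = encrypt_block(kek, a + r[i])   # B = AES(K, A | R[i])
            aes_calls += 1
            crossings[i] += 2                  # R[i] out to the FPGA, result back
            t = n * j + (i + 1)                # RFC uses 1-based i
            a = (int.from_bytes(b[:8], "big") ^ t).to_bytes(8, "big")
            r[i] = b[8:]                       # R[i] = LSB(64, B)
    return a + b"".join(r), aes_calls, crossings


if __name__ == "__main__":
    kek = bytes(16)                            # constructed sample KEK
    key_data = bytes(range(32))                # constructed sample, n = 4
    c, calls, per_block = wrap(kek, key_data)
    print("output bytes:", len(c))             # 8 * (n + 1)
    print("block encryptions:", calls)         # 6 * n
    print("crossings per block, per-step:", per_block)
    # With the whole loop in the FPGA, each block crosses once in and once out.
    print("crossings per block, offloaded:", [2] * len(per_block))
```

The state value A also travels with every call in the per-step arrangement, which the counter leaves out to match the per-block figure in the message.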


